  #11 (permalink)  
Old 09-14-2009, 02:33 AM
Moderator
 
Posts: 7,928

Can you post the full message in a text attachment, including the MIME information? Will run through my install and see what it hits. A similar one I received today got the following scores:
Code:
cached	not	 
	score=57.1	 
6	required	 
	autolearn=spam	 
3.00	AV_SS	SaneSecurity Signatures
3.50	BAYES_99	Bayesian spam probability is 99 to 100%
1.00	BOTNET	Relay might be a spambot or virusbot
0.50	BOTNET_CLIENT	Relay has a client-like hostname
0.50	BOTNET_CLIENTWORDS	Hostname contains client-like substrings
0.50	BOTNET_IPINHOSTNAME	Hostname contains its own IP address
2.17	DCC_CHECK	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.00	DIGEST_MULTIPLE	Message hits more than one network digest check
4.39	HELO_DYNAMIC_IPADDR2	Relay HELO'd using suspicious hostname (IP addr 2)
3.49	HELO_DYNAMIC_SPLIT_IP	Relay HELO'd using suspicious hostname (Split IP)
1.55	HTML_IMAGE_ONLY_20	HTML: images with 1600-2000 bytes of words
0.38	HTML_IMAGE_RATIO_02	HTML has a low ratio of text to image area
0.00	HTML_MESSAGE	HTML included in message
0.00	HTML_SHORT_LINK_IMG_3	HTML is very short with a linked image
4.00	JM_SOUGHT_1	 
1.46	MIME_HTML_ONLY	Message only has text/html MIME parts
3.70	PYZOR_CHECK	Listed in Pyzor (http://pyzor.sf.net/)
0.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
1.50	RAZOR2_CF_RANGE_E8_51_100	Razor2 gives engine 8 confidence level above 50%
0.50	RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
3.00	RCVD_IN_BRBL	Received via relay listed in Barracuda RBL
0.91	RCVD_IN_PBL	Received via a relay in Spamhaus PBL
0.88	RCVD_IN_SORBS_DUL	SORBS: sent directly from dynamic IP address
1.00	RCVD_IN_SPAMRATS_DYNA	Sender listed in SpamRats DYNA
2.07	RCVD_NUMERIC_HELO	Received: contains an IP address used for HELO
0.10	RDNS_DYNAMIC	Delivered to trusted network by host with dynamic-looking rDNS
1.67	SARE_FROM_DRUGS	 
0.59	SARE_UNI	 
1.93	TVD_RCVD_IP	 
1.86	URIBL_AB_SURBL	Contains an URL listed in the AB SURBL blocklist
1.96	URIBL_BLACK	Contains an URL listed in the URIBL blacklist
4.00	URIBL_IVMURI	Contains a URL listed on ivmURI found at invaluement.com
1.50	URIBL_JP_SURBL	Contains an URL listed in the JP SURBL blocklist
1.50	URIBL_OB_SURBL	Contains an URL listed in the OB SURBL blocklist
1.50	URIBL_WS_SURBL	Contains an URL listed in the WS SURBL blocklist
Reply With Quote
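The score report in the post above can be checked and broken down mechanically. The following is an added example, not part of the original thread and not Zimbra or SpamAssassin code: it sums the listed hits against the reported score and separates rules that rely on network lookups from those evaluated locally. The function names and the prefix list used for that split are assumptions made for the illustration.

```python
import re
from decimal import Decimal

# Scores and rule names copied from the report in the post above
# (descriptions dropped to keep the sample short).
REPORT = """
3.00 AV_SS  3.50 BAYES_99  1.00 BOTNET  0.50 BOTNET_CLIENT
0.50 BOTNET_CLIENTWORDS  0.50 BOTNET_IPINHOSTNAME  2.17 DCC_CHECK  0.00 DIGEST_MULTIPLE
4.39 HELO_DYNAMIC_IPADDR2  3.49 HELO_DYNAMIC_SPLIT_IP  1.55 HTML_IMAGE_ONLY_20  0.38 HTML_IMAGE_RATIO_02
0.00 HTML_MESSAGE  0.00 HTML_SHORT_LINK_IMG_3  4.00 JM_SOUGHT_1  1.46 MIME_HTML_ONLY
3.70 PYZOR_CHECK  0.50 RAZOR2_CF_RANGE_51_100  1.50 RAZOR2_CF_RANGE_E8_51_100  0.50 RAZOR2_CHECK
3.00 RCVD_IN_BRBL  0.91 RCVD_IN_PBL  0.88 RCVD_IN_SORBS_DUL  1.00 RCVD_IN_SPAMRATS_DYNA
2.07 RCVD_NUMERIC_HELO  0.10 RDNS_DYNAMIC  1.67 SARE_FROM_DRUGS  0.59 SARE_UNI
1.93 TVD_RCVD_IP  1.86 URIBL_AB_SURBL  1.96 URIBL_BLACK  4.00 URIBL_IVMURI
1.50 URIBL_JP_SURBL  1.50 URIBL_OB_SURBL  1.50 URIBL_WS_SURBL
"""
REQUIRED = Decimal("6")     # "6 required" in the report
REPORTED = Decimal("57.1")  # "score=57.1" in the report

# Assumption: rules with these name prefixes depend on DNS blocklists or
# digest services (DCC, Pyzor, Razor2); everything else is counted as local.
NETWORK_PREFIXES = ("RCVD_IN_", "URIBL_", "DCC_", "PYZOR_", "RAZOR2_", "DIGEST_")

# A hit is a decimal score followed by an upper-case rule name.
HIT = re.compile(r"(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)")


def parse_hits(text):
    """Return [(score, rule_name), ...] in report order."""
    return [(Decimal(score), name) for score, name in HIT.findall(text)]


def breakdown(hits):
    """Total score, and the share that needs network lookups to fire."""
    total = sum((s for s, _ in hits), Decimal(0))
    network = sum((s for s, n in hits if n.startswith(NETWORK_PREFIXES)), Decimal(0))
    return {"total": total, "network": network, "local": total - network}


def top_hits(hits, n=5):
    """The n highest-scoring rules, i.e. what actually drove the verdict."""
    return sorted(hits, key=lambda h: h[0], reverse=True)[:n]


if __name__ == "__main__":
    hits = parse_hits(REPORT)
    parts = breakdown(hits)
    print("hits:", len(hits), parts)
    print("matches reported score:", parts["total"].quantize(Decimal("0.1")) == REPORTED)
    print("spam on local rules alone:", parts["local"] >= REQUIRED)
    for score, name in top_hits(hits):
        print(f"{score:>5} {name}")
```
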
  #12 (permalink)  
Old 09-14-2009, 07:06 AM
Special Member
 
Posts: 174

I grabbed the email and viewed it as original and that is what I got, plus the link to the .gif. How do I get it to include the MIME info? This particular email did make it to the user's junk folder. Some of these make it to the user's inbox. How do I tell how it gets scored then? My feeling is I am putting my .cf files in the wrong directory. I did watch my graphs go down as soon as I implemented some new rules, but because I have no other graphs to compare to I am not sure if I am getting the kind of spam protection I should be. I will look at fuzzyocr. I am sure I did not set that up so if it is not default then...
  #13 (permalink)  
Old 09-15-2009, 06:48 AM
Special Member
 
Posts: 174

I have 2 systems, one at home for a test box and one at a school. The school is where my problem lies. That runs version 5.0.18; my home box runs 6.0.
I worked on some settings last night. The school did not have dspam enabled, so I changed that as well as adding the recommended RBLs. There is a noticeable difference in spam this morning. When I ran zmtrainsa on both boxes this morning I did get an error on the school system. Can you tell from this error where I am going wrong?
Thanks
Bill

20090915094254 Starting spamassassin training.
netset: cannot include 127.0.0.0/8 as it has already been included
Learned tokens from 1 message(s) (1 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
bayes: synced databases from journal in 1 seconds: 3081 unique entries (3974 total entries)
20090915094301 Finished spamassassin training.
20090915094301 Starting dspam training
Taking Snapshot...
zimbra TP: 0 TN: 0 FP: 0 FN: 0 SC: 0 NC: 0
Training /tmp/ham.FJD8885 / /tmp/spam.ENG8884 corpora...
[test: spam ] 123bdf0f577-0 result: sh: /opt/zimbra/dspam-3.8.0/bin/dspam: Permission denied

===== WOAH THERE =====
I was unable to parse the result. Test Broken.
======================
dspam_clean starting
PROCESSING USER: zimbra
Processing sigs; age: 14
Processing probabilities; age: 0
Processing unused; any: 90 quota: 30 nospam: 15 onehit: 15
20090915094301 Finished dspam training